MPLS L3 VPNs and the interaction between AS-Override and SoO

In MPLS Layer 3 VPNs, when Customer Edge (CE) devices in the same Autonomous System (AS) communicate, there might be a risk of routing loops. Two technologies, AS Override and Site of Origin (SoO), are used to manage this interaction effectively.

  1. AS-Override: This feature modifies the default behavior of eBGP, allowing a prefix from a CE in the same AS to be accepted by another CE. It is essential for facilitating routing between CEs within the same AS across an MPLS backbone.

  2. Site of Origin (SoO): It prevents routing loops, particularly in multi-homed CE environments. SoO tags prefixes from a CE and ensures these routes are not advertised back to the originating site, which is critical where multiple Provider Edge (PE) routers connect to the same CE site or where there might be BGP backdoor links

  3. Using AS-Override and SoO Together: While these features can seem counteractive, they are complementary in the right situations. AS-Override allows intra-AS routing, while SoO stops potential loops in multi-homed or backdoor link scenarios.

  4. Implementation Strategy:

    • Deploy AS-Override where needed to enable routing between CEs in the same AS.
    • Carefully configure SoO to address the specific topology. If there are no backdoor links or multi-homing, SoO may not be necessary. In contrast, with complex topologies like multi-homing or backdoor links, additional route filters or refined SoO application on relevant interfaces might be required.

Proper use of AS-Override and SoO ensures functional and loop-free communication between CEs in the same AS in MPLS L3 VPNs. Adjustments based on specific network topologies are necessary to balance between enabling communications and preventing loops.